Bug#495463: heimdal-kdc: kadmind.acl is not in the good directory
Hi Brian, I confirmed this bug while setting up a KDC. I think a proper workaround is set a symlink from /var/lib/heimdal-kdc/kadmind.acl during postinst if there's no such file, pointing to /etc/heimdal-kdc/kadmind.acl if it exists (this check is needed since existing users could delete it). Let me know if you want me to prepare a patch and upload to experimental and/or talk to release team if they think this fix should make Lenny. regards, -- Gustavo stratus Franco -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#495463: heimdal-kdc: kadmind.acl is not in the good directory
Gustavo Franco wrote: I confirmed this bug while setting up a KDC. I think a proper workaround is set a symlink from /var/lib/heimdal-kdc/kadmind.acl during postinst if there's no such file, pointing to /etc/heimdal-kdc/kadmind.acl if it exists (this check is needed since existing users could delete it). Let me know if you want me to prepare a patch and upload to experimental and/or talk to release team if they think this fix should make Lenny. Is this an existing installation or an new installation? For a new installation, there should be no problem, the kdc.conf sets the path to the ACL file: [kdc] # See allowed values in krb5_openlog(3) man page. log_file = FILE:/var/log/heimdal-kdc.log acl_file = FILE:/etc/heimdal-kdc/kadmind.acl For an upgraded installation, this problem should have been fixed in Heimdal 1.1-2: === cut === heimdal (1.1-2) unstable; urgency=low * Create symlink at /var/lib/heimdal-kdc/kdc.conf pointing to /etc/heimdal-kdc/kdc.conf, closes: #470404. * On upgrading existing installations create a symlink from /usr/share/doc/heimdal-kdc/examples/kadmind.acl pointing to /etc/heimdal-kdc/kadmind.acl.conf, as the kdc.conf configuration is not updated automatically. * Replace echo -n with printf, closes: #472229. * Install Dutch (nl) debconf translation, closes: #467495. * Install Czech (cs) debconf translation, closes: #452880. * Increase standards version to 3.7.3. * Convert debian/copyright to UTF-8. * Fix various lintian warnings. -- Brian May b...@snoopy.debian.net Fri, 28 Mar 2008 09:46:09 +1100 === cut === -- Brian May br...@microcomaustralia.com.au -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#495463: heimdal-kdc: kadmind.acl is not in the good directory
Package: heimdal-kdc Version: 1.1-3 Severity: normal Hello, Setting up a kerberos server for test I found a problem when using kadmin remotely. /usr/sbin/kadmin -K /tmp/krb5cc_1000 -p daniel/admin kadmin: storage_set_flags called with bad vno (4) [...] kadmin: kadm5_get_privs: Need to use PA-ENC-TIMESTAMP/PA-PK-AS-REQ Googleing for that I found http://www.stacken.kth.se/lists/heimdal-discuss/2007-09/msg00027.html I tryed to move /etc/heimdal-kdc/kadmind.acl in /var/lib/heimdal-kdc and then everything works. Regards. -- System Information: Debian Release: lenny/sid APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 2.6.26.2+kvm-guest.1 (SMP w/1 CPU core) Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Versions of packages heimdal-kdc depends on: ii debconf [debconf-2.0] 1.5.22Debian configuration management sy ii heimdal-clients1.1-3 Heimdal Kerberos - clients ii krb5-config1.21 Configuration files for Kerberos V ii libasn1-8-heimdal 1.1-3 Heimdal Kerberos - ASN.1 library ii libc6 2.7-13GNU C Library: Shared libraries ii libdb4.2 4.2.52+dfsg-4 Berkeley v4.2 Database Libraries [ ii libhdb9-heimdal1.1-3 Heimdal Kerberos - kadmin server l ii libkadm5srv8-heimdal 1.1-3 Libraries for Heimdal Kerberos ii libkdc2-heimdal1.1-3 Heimdal Kerberos - KDC support lib ii libkrb5-24-heimdal 1.1-3 Heimdal Kerberos - libraries ii libldap-2.4-2 2.4.10-3 OpenLDAP libraries ii libroken18-heimdal 1.1-3 Heimdal Kerberos - roken support l ii libssl0.9.80.9.8g-12 SSL shared libraries ii logrotate 3.7.1-3 Log rotation utility ii openbsd-inetd [inet-supers 0.20080125-1 The OpenBSD Internet Superserver heimdal-kdc recommends no packages. Versions of packages heimdal-kdc suggests: pn heimdal-docs none (no description available) -- debconf information: heimdal/realm: BABY-GNU.ORG -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]